package com.dissertation.config;

import com.dissertation.config.auth.CredentialsMatcher;
import com.dissertation.config.auth.UserRealm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;

@Configuration
public class ShiroConfig {



    @Bean( name = "shiroFilter" )
    public ShiroFilterFactoryBean shiroFilter( @Qualifier( "securityManager" ) SecurityManager manager ) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager( manager );

        //配置登录的url和登录成功的url
        bean.setLoginUrl( "/sign" );
        bean.setSuccessUrl( "/home" );
        //配置访问权限
        LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        /*filterChainDefinitionMap.put( "/sign", "anon" ); //这里是页面
        filterChainDefinitionMap.put( "/login", "anon" ); //这里是页面
        filterChainDefinitionMap.put( "/logout*", "anon" );
        filterChainDefinitionMap.put( "/jsp/error", "anon" );
        filterChainDefinitionMap.put( "/js/**", "anon" );
        filterChainDefinitionMap.put( "/css/**", "anon" );
        filterChainDefinitionMap.put( "/img/**", "anon" );


        filterChainDefinitionMap.put( "/*", "authc" );//表示需要认证才可以访问
        filterChainDefinitionMap.put( "/**", "authc" );//表示需要认证才可以访问
        filterChainDefinitionMap.put( "/*.*", "authc" );*/

        filterChainDefinitionMap.put( "/**", "anon" );
        bean.setFilterChainDefinitionMap( filterChainDefinitionMap );

        return bean;
    }

    //配置核心安全事务管理器
    @Bean( name = "securityManager" )
    public SecurityManager securityManager( @Qualifier( "userRealm" ) UserRealm authRealm ) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm( authRealm );
        return manager;
    }

    //配置自定义的权限登录器
    @Bean( name = "userRealm" )
    public UserRealm userRealm( @Qualifier( "credentialsMatcher" ) CredentialsMatcher matcher ) {
        UserRealm authRealm = new UserRealm();
        authRealm.setCredentialsMatcher( matcher );
        return authRealm;
    }

    //配置自定义的密码比较器
    @Bean( name = "credentialsMatcher" )
    public CredentialsMatcher credentialsMatcher() {
        return new CredentialsMatcher();
    }

    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    @Bean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator();
        creator.setProxyTargetClass( true );
        return creator;
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor( @Qualifier( "securityManager" ) SecurityManager manager ) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager( manager );
        return advisor;
    }



}
